Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,781
Maven
5,000+
npm
4,386
NuGet
772
pip
4,164
Pub
12
RubyGems
965
Rust
1,073
Swift
45
Unreviewed advisories
All unreviewed
5,000+

531 advisories

Loading
Picklescan Bypass is Possible via File Extension Mismatch Critical
CVE-2025-10155 was published for picklescan (pip) Sep 10, 2025
Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check Critical
CVE-2025-10156 was published for picklescan (pip) Sep 10, 2025
Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports Critical
CVE-2025-10157 was published for picklescan (pip) Sep 10, 2025
davcohen
Credited to davcohen
internetarchive Vulnerable to Directory Traversal in File.download() Critical
CVE-2025-58438 was published for internetarchive (pip) Sep 5, 2025
pengowray
Credited to pengowray
TkEasyGUI Vulnerable to OS Command Injection Critical
CVE-2025-55037 was published for TkEasyGUI (pip) Sep 5, 2025
Pixar OpenUSD Sdf_PathNode Module Use-After-Free Vulnerability Leading to Potential Remote Code Execution Critical
GHSA-58p5-r2f6-g2cj was published for usd-core (pip) Sep 4, 2025
bshyuunn
Credited to bshyuunn
DeepDiff Class Pollution in Delta class leading to DoS, Remote Code Execution, and more Critical
CVE-2025-58367 was published for deepdiff (pip) Sep 3, 2025
diogotcorreia
Credited to diogotcorreia
ExecuTorch out-of-bounds access vulnerability Critical
CVE-2025-54950 was published for executorch (Maven) Aug 8, 2025
Fidget-Grep
Credited to Fidget-Grep
ExecuTorch integer overflow vulnerability Critical
CVE-2025-30405 was published for executorch (Maven) Aug 8, 2025
Fidget-Grep
Credited to Fidget-Grep
ExecuTorch integer overflow vulnerability Critical
CVE-2025-30404 was published for executorch (Maven) Aug 8, 2025
Fidget-Grep
Credited to Fidget-Grep
ExecuTorch heap buffer overflow vulnerability Critical
CVE-2025-54949 was published for executorch (Maven) Aug 8, 2025
Fidget-Grep
Credited to Fidget-Grep
ExecuTorch vulnerable to Heap-based Buffer Overflow Critical
CVE-2025-54951 was published for executorch (Maven) Aug 8, 2025
Fidget-Grep
Credited to Fidget-Grep
pyLoad CNL Blueprint allows Path Traversal through `dlc_path` which leads to Remote Code Execution (RCE) Critical
CVE-2025-54802 was published for pyload-ng (pip) Aug 4, 2025
kreeksec giteku
Credited to kreeksec and giteku
num2words subjected to phishing attack, two versions published containing malware Critical
GHSA-jxr6-qrxx-2ph2 was published for num2words (pip) Jul 31, 2025
BentoML SSRF Vulnerability in File Upload Processing Critical
CVE-2025-54381 was published for bentoml (pip) Jul 29, 2025
geckosecurity jjjutla
nkoorty
Credited to geckosecurity, jjjutla, and nkoorty
smolagents has Sandbox Escape Vulnerability in the local_python_executor.py Module Critical
CVE-2025-5120 was published for smolagents (pip) Jul 27, 2025
pyLoad vulnerable to XSS through insecure CAPTCHA Critical
CVE-2025-53890 was published for pyload-ng (pip) Jul 15, 2025
ekuboo100
Credited to ekuboo100
Apache Airflow Providers Snowflake package allows for Special Element Injection via CopyFromExternalStageToSnowflakeOperator Critical
CVE-2025-50213 was published for apache-airflow-providers-snowflake (pip) Jun 26, 2025
rfc3161-client has insufficient verification for timestamp response signatures Critical
CVE-2025-52556 was published for rfc3161-client (pip) Jun 20, 2025
jku woodruffw
Credited to jku and woodruffw
Langflow Unauth RCE Critical
CVE-2025-3248 was published for langflow (pip) Jun 17, 2025
chximn-dt
Credited to chximn-dt
Salt vulnerable to directory traversal attack in file receiving method Critical
CVE-2024-38824 was published for salt (pip) Jun 13, 2025
BackendAI Missing Authentication for Critical Function Critical
CVE-2025-49652 was published for backend.ai (pip) Jun 9, 2025
llama_index vulnerable to SQL Injection Critical
CVE-2025-1793 was published for llama-index (pip) Jun 5, 2025
Malayke
Credited to Malayke
vLLM Allows Remote Code Execution via PyNcclPipe Communication Service Critical
CVE-2025-47277 was published for vllm (pip) May 20, 2025
kikayli russellb
funscoietyxboyz
Credited to kikayli, russellb, and funscoietyxboyz
Langroid has a Code Injection vulnerability in TableChatAgent Critical
CVE-2025-46724 was published for langroid (pip) May 20, 2025
SCH227
Credited to SCH227
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database